Respect for the individual is a basic principle of aikido, and we believe that should extend to our contact with you online as well as on the tatami. As a result, we take seriously your privacy and the security of any personal information you disclose to us.

Most online privacy violations arise out of excessive collection and inappropriate use of personal data. In particular, personal data is often used as a way of making money (for instance, by selling it to advertisers). We will not 'monetise' your data in any way; not by selling it to third parties, and not by selling space to advertisers. That is not the club's purpose or intent.

Personal data is also put at risk when it is transferred from one jurisdiction to another. We will not transfer your data outside the UK, and we will process it in accordance with UK and EU data protection laws. Although legal compliance is of course an important baseline, we will aim to exceed legal requirements by dealing with your data ethically at all times.

Our privacy policy is based on a number of simple principles:

Minimisation

If we don't need your data, we won't collect it. If we do collect data, we will delete it once we no longer need it.
Examples:

There's no reason for us to keep a record of your gender, so we will not ask for it.

If you give us your email address, but then decide you don't want emails from us, we will delete the email address.

Clear purpose

If you tell us something for a particular reason, we will not use it for anything else.

Examples:

If we collect your email address to send you club emails, we will not sell it to third parties so they can spam you.

If we collect your date of birth so as to insure you, we will not use it so the other club members can throw a surprise party for you.

Informed Consent

We will not use your data for anything we have not told you about. Wherever possible, you will have the option to say 'no'. We will do our best to give you relevant information about the risks of disclosure, as well as the purpose and benefits.

If we know or believe a member to be under 16, we will make every reasonable effort to ensure that we have the consent of a parent or guardian.

Example:

We need to disclose your name and date of birth to a third party in order to make sure all club members are insured; we do not think they need to know your address, so you will have the option of not disclosing that.

Control

You may ask to see any personal data we hold about you, correct it if it is wrong, and be told who it has been disclosed to.

Our default policy will be that we do not disclose your data on your behalf - not even to other members - unless you have indicated consent as above.

Example:

Emails sent out to all club members will not display the recipients' email addresses. It is up to members if they decide to exchange personal data among themselves.

Security

If your data is stored electronically, we will protect it by encryption, password-based access control or both.
If it is stored physically we will take suitable steps to keep it safe.

Any duplicate or backup records will be secured to at least the same extent.

By default, your personal data will not be stored online (except, for example, if you choose to create a user account on the club's website).

Examples:

Details stored on PCs will be encrypted, or access to the PC will be password protected.

Physical records will be kept as secure as is practical in a domestic setting.

In formulating these simple principles above, we have used a wealth of guidance from the following sources:

* We are also guided by the very comprehensive Data Protection Code of Practice published by JISC (Joint Information Systems Committee), and aim to comply with as much of it as is relevant to a small club like ours (source: JISC Data Protection Code of Practice)